S Ravi, Former BSE Chairman, Deciphers RBI's 


Ground-breaking IT Services Framework for 


Regulated Entities 


In a significant development, S Ravi BSE, former Chairman, sheds light on 


the latest master direction issued by the Reserve Bank of India (RBI) 
concerning Information Technology (IT) governance, risk, controls, and 
assurance practices for Regulated Entities (REs). The new framework, 
effective from April 1, 2024, aims to streamline and simplify IT and cyber 


governance and compliance for various financial institutions. 


Mr Sethurathnam Ravi - Former Chairman of BSE 


The master direction replaces the existing multiple circulars with a 
comprehensive approach, emphasizing the easy administration of IT and 
cyber governance. It applies to a range of entities, including scheduled 
commercial banks (excluding regional rural banks), small finance banks, 
payments banks, NBFCs in top, upper, and middle layers, all India financial 


institutions, and credit information companies. 


According to S Ravi BSE, Former chairman in the case of foreign banks, the 


master direction adopts a ‘comply or explain’ approach, providing 
flexibility regarding the constitution of committees at the branch level. 
These banks are permitted to leverage controlling offices, head offices, 
regional, or zonal committees for compliance, ensuring that governance 


obligations are met. 


The master direction delineates the role and authority of the board of 
directors, board-level committees, and senior management of REs in 
safeguarding customer interests. It consolidates and updates guidelines on 
IT governance, risk, controls, assurance practices, and business 
continuity/disaster recovery management, offering a comprehensive 


framework. 


The framework mandates REs to establish a robust IT Service Management 
Framework to support their information systems and infrastructure. This 
includes ensuring operational resilience, particularly for the entire IT 
environment and disaster recovery sites. Additionally, REs are required to 
have a documented data migration policy to ensure data integrity, 


completeness, and consistency during the migration process. 


Recognizing the rising threat of cyber and IT fraud, the RBI's master 


direction emphasizes the necessity for IT applications to possess audit and 


system logging capabilities, providing audit trails. S Ravi BSE, Former 
Chairman highlights that the RBI, through this direction, underscores the 
adoption of internationally accepted standards and configurations 
compliant with extant laws and regulatory instructions to strengthen IT 


infrastructure. 


In essence, the RBI's master direction marks a significant step towards 
enhancing cyber security measures and ensuring a robust IT governance 


framework for financial entities, aligning with global best practices. 


